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12 

13 TITLE OF THE INVENTION 

14 

15 Content and Key Distribution System for Digital Content Representing Media Streams 
16 

17 BACKGROUND OF THE INVENTION 

18 

19 1. Field of the Invention 
20 

21 The invention relates to distributing content and keys for digital content 

22 representing media streams. 
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1 

2 2. Related Art 
3 

4 Distribution of digital content representing media streams, such as for ex- 

5 ample movies, is subject to several problems. One problem is that it is easy to make ex- 

6 act copies of digital content, thus allowing any recipient of that content to redistribute it, 

7 whether authorized or not. It would be advantageous to be able to distribute digital 

8 content, particularly digital content representing media streams, without fear of its un- 

9 authorized distribution. This would be particularly advantageous when it is desired to 

10 distribute digital content using a communication link, such as for example a computer 

11 network or other technique for distribution to end viewers (for example, either on 

12 demand, in anticipation of future demand, or in response to something else). 
13 

14 One known solution is to encrypt the digital content to be used for pres- 

15 entation as media streams, so that a recipient of that digital content cannot easily redis- 

16 tribute it to unauthorized recipients. It would be advantageous to ensure that encryp- 

17 tion protects the content all the way from its source to the presentation device at which 

18 it is to be presented to a user. However, if there is more than one presentation device 

19 owned by the user, that known solution involves either delivering the content sepa- 

20 rately for each presentation device, or allowing the content to remain in an unencrypted 

21 form (herein also called "in the clear") at some location on some device controlled by 

22 the user. 

EL 768 962 037 US 2 



217.1010.01 

1 

2 In a related invention, manipulation of digital content by recipients is re- 

3 stricted to a secure portion of a playback device, so that recipients cannot distribute that 

4 digital content for purposes other than presentation to viewers. It would be advanta- 

5 geous to further restrict manipulation of digital content so that presentation to viewers 

6 could only occur within limits imposed by licensing restrictions. For example, some 

7 movies are distributed with a specified release date, that is, a date upon which they be- 

8 come available for release to the public for presentation, and not before. It would also 

9 be advantageous, especially in a networked system for distribution of digital content 

10 representing media streams, to be able to distribute digital content without fear that re- 

11 cipients would present the media streams represented by that digital content earlier 

12 than allowed. 
13 

14 Accordingly, it would be advantageous to provide an improved technique 

15 for distribution of digital content. 
16 

17 SUMMARY OF THE INVENTION 

18 

19 The invention provides a method and system capable of distributing 

20 digital content representing media streams, and keys for unlocking (such as for example 

21 decrypting) that content, to a user. In one aspect, the invention provides for content to 

22 be deliverable to the user separately (either by a different communication, or separately 
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1 in time, either earlier or later) from licenses to that content. The content is delivered en- 

2 crypted, with the effect that the user cannot redistribute that content. The licenses are 

3 delivered designating selected presentation devices owned by the user (in one em- 

4 bodiment, each license is associated with exactly one such presentation device), with the 

5 effect that the user cannot present that content on unlicensed presentation devices, and 

6 with the effect that the content need only be delivered to the user once for more than 

7 one presentation device. 
8 

9 In one embodiment, the presentation devices include a secure portion, 

10 relatively resistant to tampering by the user, in which each presentation device main- 

11 tains a unique presentation device key, with the effect that licenses can be tailored to 

12 selected presentation devices. For one example, not intended to be limiting in any way, 

13 the secure portion might be implemented in an application-specific hardware device, 

14 the hardware device being resistant to intrusion on any of its communication paths and 

15 not allowing the presentation device key or the digital content to be seen by the user. 

16 (In such embodiments, the presentation device key and the digital content is not avail- 

17 able outside the specific integrated circuit implementing the secure portion of the pres- 

18 entation device, the specific integrated circuit being bonded by epoxy to its board and 

19 relatively hardware resistant to either tampering or snooping.) The user owns one or 

20 more such presentation devices, coupled using a local communication link to a local li- 

21 brary, which maintains a copy of the content in an encrypted form, with the effect that 

22 the user cannot redistribute the digital content in the clear, and with the effect that that 
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1 user cannot present the media stream represented by that digital content without an 

2 appropriate license (the license designating the selected presentation device, in one em- 

3 bodiment by itself being encrypted using the selected presentation device key). How- 

4 ever, the user can search the library for information generally available about the media 

5 stream, such as for example embedded in metadata for the digital content, without 

6 having to substantially decrypt that digital content. 
7 

8 The invention is not restricted to movies, but is also applicable to other 

9 media streams, such as for example animation or sound, as well as to still media, such 

10 as for example pictures or illustrations, and to databases and other collections of infor- 

1 1 mation. 

12 

13 BRIEF DESCRIPTION OF THE DRAWINGS 

14 

15 Figure 1 shows a block diagram of a system for distributing content and 

1 6 keys for digital content representing media streams. 

17 

18 Figures 2 A and 2B show flow diagrams of a method for distributing con- 

19 tent and keys for digital content representing media streams. 
20 
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l INCORPORATED DISCLOSURES 

2 

3 This application claims priority of the following documents, each of which 

4 is hereby incorporated by reference as if fully set forth herein. 

5 

6 • U.S. provisional patent application 60/394,630, filed July 9, 2002, in the name of 



7 Michael Malcolm, Stephen Watson, Daniel Collens, and Kevin Hui, attorney 

8 docket number 217.1001.01, titled "Watermarking and Fingerprinting a Movie 

9 for Secure Distribution." 
10 

1 1 • U.S. provisional patent application 60/394,922, filed July 9, 2002, in the name of 

12 Michael Malcolm, Stephen Watson, and Daniel Collens, attorney docket number 

13 217.1002.01, titled "System Architecture of a System for Secure Distribution of 

14 Media." 
15 

16 • U.S. provisional patent application 60/394,588, filed July 9, 2002, in the name of 

17 Michael Malcolm, Stephen Watson, and Daniel Collens, attorney docket number 

18 217.1003.01, titled "Topology of Caching Nodes in a System for Secure Delivery 

19 of Media Content." 
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1 • U.S. patent application 10/356,692, filed January 31, 2003, in the name of Daniel 

2 Collens, Stephen Watson, and Michael Malcolm, attorney docket number 

3 217.1004.01, titled "Parallel Distribution and Fingerprinting of Digital Content". 
4 

5 • U.S. patent application 10/356,322, filed January 31, 2003, in the name of Stephen 

6 Watson, Daniel Collens, and Kevin Hui, attorney docket number 217.1005.01, ti- 

7 tied "Watermarking and Fingerprinting Digital Content Using Alternative Blocks 

8 to Embed Information". 
9 

10 • U.S. patent application 10/377,266, filed February 28, 2003, in the name of Ste- 

11 phen Watson, attorney docket number 217.1006.01, titled "Recovering from De- 

12 Synchronization Attacks Against Watermarking and Fingerprinting". 
13 

14 • U.S. patent application 10/378,046, filed February 28, 2003, in the name of Ste- 

15 phen Watson, attorney docket number 217.1007.01, titled "Detecting Collusion 

1 6 Among Multiple Recipients of Fingerprinted Information". 

17 

18 • U.S. patent application 10/ , filed this same day, in the name of Michael 

19 MALCOLM, Daniel COLLENS, Stephen WATSON, Paul RECHSTEINER, Kevin 

20 HUI, attorney docket number 217.1008.01, titled "Secure Presentation Of Media 

2 1 Streams in Response to Encrypted Digital Content". 
22 



EL 768 962 037 US 



7 



217.1010.01 

1 These documents are hereby incorporated by reference as if fully set forth 

2 herein, and are sometimes referred to herein as the "incorporated disclosure". 

3 

4 Inventions described herein can be used in combination or conjunction 

5 with technology described in the incorporated disclosure. 
6 

7 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

8 

9 In the description herein, a preferred embodiment of the invention is de- 

10 scribed, including preferred process steps and data structures. Those skilled in the art 

11 would realize, after perusal of this application, that embodiments of the invention 

12 might be implemented using a variety of other techniques not specifically described, 

13 without undue experimentation or further invention, and that such other techniques 

14 would be within the scope and spirit of the invention. 
15 

16 Lexicography 
17 

18 The general meaning of each of these following terms is intended to be il- 

19 lustrative and in no way limiting. 
20 

21 • The phrase "media stream" describes information intended for presentation in a 

22 sequence, such as motion pictures including a sequence of frames or fields, or 
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1 such as audio including a sequence of sounds. As used herein, the phrase 

2 "media stream" has a broader meaning than the standard meaning for 

3 "streaming media," (of sound and pictures that are transmitted continuously 

4 using packets and that start to play before all of the content arrives). Rather, as 

5 described herein, there is no particular requirement that media streams must be 

6 delivered continuously. Also as described herein, media streams can refer to 

7 other information for presentation, such as for example animation or sound, as 

8 well as to still media, such as for example pictures or illustrations, and also to 

9 databases and other collections of information. 
10 

1 1 • The phrase "digital content" describes data in a digital format, intended to repre- 

12 sent media streams or other information for presentation to an end viewer. 

13 "Digital content" is distinguished from packaging information, such as for ex- 

14 ample message header information. For the two phrases "digital content" and 

15 "media stream," the former describes a selected encoding of the latter, while the 

16 latter describes a result of presenting any encoding thereof. 

17 

18 • The phrase "end viewer," and the term "user," describe a recipient of the media 

19 streams for whom decoding of the digital content for the media streams, and 

20 presentation of the media streams, is contemplated. 

21 



~9 



I 
2 
3 
4 
5 



7 
8 
9 
10 
11 
12 
13 



15 
16 



19 

20 
21 
22 



217.1010.01 

. The term "decoding" describes generating data in a form for presentation of the 
media streams, in response to the digital content for the media streams in an en- 
coded format. As described herein, the encoded format might include an indus- 
try standard encoded format such as MPEG-2. However, the concept of decod- 
ing as described herein is sufficiently general to include other encoding formats 



6 for media streams. 



• The term "presentation" describes generating information in a form for viewing 
of the media streams, such as for example audio and visual information for 
viewing a movie. As described herein, presentation of a movie might include 
visual display of the frames or fields of motion picture, as well as audio presen- 
tation of a soundtrack associated with that motion picture. However, the con- 
cept of presentation as described herein is sufficiently general to include a wide 
14 variety of other forms of generating information for viewing. 



• The phrase "licensing restrictions" describes any business rules having an effect 



17 on use of the media streams or the digital content representing those media 

18 streams. Examples of licensing restrictions include, without limitation, legal or 



contractual limits to use by an end viewer, such as for example any limits to use 
responsive to selected dates or times or categories thereof, limitations to selected 
playback elements or categories thereof, selected locations (such as for example 
selected countries or cities), selected end viewers or categories thereof, a selected 
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1 number of times (or a selected range of number of times), a selected type of pay- 

2 ment , additional fingerprinting for presentation, or other business rules or cate- 

3 gories thereof. 
4 

5 • The phrase "presentation device" describes any software or hardware element, 

6 or software and hardware elements operating in combination or conjunction, ca- 

7 pable of decoding the digital content and presenting the media streams to an end 

8 viewer in a human-perceivable form. Examples of presentation devices include, 

9 without limitation, an MPEG decoder coupled with a television monitor and 

10 speaker. As described herein, in one embodiment the presentation device in- 

1 1 eludes both a secure portion, capable of decoding the digital content, and a non- 
12 secure portion, capable of presenting the decoded digital content in a human- 

13 perceivable form to the end viewer. After reading this application, those skilled 

14 in the art will recognize that there are many configurations of presentation de- 

15 vice within the scope and spirit of the invention. For a first example, a presenta- 

16 tion device might include a single integrated device in which the operation of the 

17 whole device is made relatively inaccessible to the user. For a second example, a 

18 presentation device might include a common secure portion and more than one 

19 display element (such as for example a flat panel display, speakers, or both) re- 

20 ceiving its inputs from that common secure portion. For a third example, a pres- 

21 entation device might include a sophisticated rendering system that translates 

22 MPEG encoding into a 3D total-immersion presentation (such as for example a 
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1 flight simulator), or an Artificial Intelligence system that watches the MPEG en- 

2 coding for selected objects of interest (such as for example a surveillance review 

3 system). In the context of the invention, there is no particular requirement that 

4 presentation devices are limited in any way; presentation devices ultimately re- 

5 spond to the media stream represented by the digital content. 
6 

7 •The term "secure" describes an aspect or element of an embodiment of the in- 

8 vention that is relatively reliable and trustworthy, as contrasted with "non- 

9 secure" aspects or elements, which might have been altered, compromised, tam- 

10 pered with, or otherwise suborned. The phrase "hardware secure" (or a "hard- 

1 1 ware level of security") describes an aspect or element of an embodiment of the 

12 invention that would require tampering with hardware by the end viewer to 

13 make that aspect or element non-secure. The phrase "software secure" (or a 

14 "software level of security") describes an aspect or element of an embodiment of 

15 the invention that would require tampering with software by the end viewer to 

16 make that aspect or element non-secure. The phrase "cryptographically secure" 

17 (or a "cryptographic level of security") describes an aspect or element of an em- 

18 bodiment of the invention that would require defeating a cryptographic code, or 

19 other mathematical construct involving a similar degree of effort or luck, to make 

20 that aspect or element non-secure. 
21 
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1 • The phrase "secure portion" describes a portion of the presentation device com- 

2 paratively secure against attack by an end viewer having physical control over 

3 the presentation device. In one embodiment, secure portions of presentation de- 

4 vices include, without limitation, a hardware element that has been isolated and 

5 protected against tampering by the end viewer. Examples of secure portions in- 

6 elude hardware elements disposed so that the end viewer's effort to compromise 

7 security of the secure portion would be much more difficult than any economic 

8 value that might be achieved thereby. In one embodiment, the secure portion in- 

9 eludes a secure clock. 

10 

n Other and further applications of the invention, including extensions of 

12 these terms and concepts, would be clear to those of ordinary skill in the art after pur- 

13 chasing this application. These other and further applications are part of the scope and 

14 spirit of the invention, and would be clear to those of ordinary skill in the art without 

1 5 further invention or undue experimentation. 
16 

17 The scope and spirit of the invention is not limited to any of these defini- 

18 tions, or to specific examples mentioned therein, but is intended to include the most 

19 general concepts embodied by these and other terms. 
20 

21 System Elements 

22 
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1 Figure 1 shows a block diagram of a system for distributing content and 

2 keys for digital content representing media streams. 
3 

4 A system 100 includes a communication link 110, a content server 120, a 

5 license server 130, and a user subsystem 140. 
6 

7 The communication link 110 includes any technique capable of delivering 

8 digital content and licenses from senders to receivers, and in one embodiment, includes 

9 a computer network such as for example the Internet. In such embodiments, the con- 

10 tent server 120 or the license server 130 might be coupled to the user subsystem 140 us- 

1 1 ing one or more intermediate caching devices, such as for example shown in the incor- 

12 porated disclosure. 
13 

14 The content server 120 includes a processor, program and data memory, 

15 and memory or mass storage 121 capable of maintaining inert content 122 over a sub- 

16 stantial time period. The content server 120 includes an input port 123, capable of re- 

17 ceiving original content 124 "in the clear" and includes software instructions capable of 

18 being interpreted by the processor to convert that original content 124 into inert content 

19 122 maintainable in the storage 121. In one embodiment, a secure portion 125 of the 

20 content server 120 (or other location where original content 124 is received "in the 

21 clear") is isolated from non-secure portions of the content server 120 and is secured 

22 against entry, tampering and inspection by unauthorized parties, with the effect that the 
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1 original content 124 is made secure against accidental or malicious release. The original 

2 content 124 is streamed through that secure portion 125 of the content server 120, en- 

3 crypted or re-encrypted as described below, and thus converted into inert content 122. 

4 However, the portion of the content server 120 where inert content 122 is maintained 

5 might be the non-secure portions of the content server 120. 
6 

7 The license server 130 includes a processor, program and data memory, 

8 and memory or mass storage 131 capable of maintaining a set of licensing business rules 

9 132 and a set of licenses 133, with the effect that the license server 130 is capable of 

10 sending licenses 133 (those licenses 133 including user content keys 127, and being 

11 locked using presentation device keys 134) to a selected user subsystem 140. In one 

12 embodiment, similar to the secure portion 125 of the content server 120, a secure portion 

13 135 of the license server 130 (or other location where licenses 133 are generated "in the 

14 clear") is isolated from non-secure portions of the license server 130 and is secured 

15 against entry, tampering and inspection by unauthorized parties, with the effect that the 

16 licenses 133 are made secure against accidental or malicious release. However, the por- 

17 tion of the license server 130 where inert licenses 133 are maintained might be the non- 
18 secure portions of the license server 130. 

19 

20 Although described as separate devices, in the context of the invention 

21 there is no particular requirement that the content server 120 and the license server 130 

22 be separate devices, or even that they be isolated subsystems part of the same device. 
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1 Rather, the content server 120 and the license server 130 are described herein as sepa- 

2 rate devices to illustrate the different functions each performs. In one embodiment, the 

3 content server 120 and the license server 130 might be collocated at a single hardware 

4 device, using software appropriate to the processes and data structures described 

5 herein. 
6 

7 The user subsystem 140 includes a local communication link 141, a local 

8 content library 142, one or more presentation devices 143, each having a secure portion 

9 144 and a non-secure portion 145, and a media reader device 146, such as for example a 

10 DVD reader capable of reading media 147 such as for example one or more DVD's. 
11 

1 2 Method of Operation 
13 

14 Figure 2 shows a flow diagram of a method for distributing content and 

15 keys for digital content representing media streams. 
16 

17 Although described serially, the flow points and method steps of the 

18 method 200 can be performed by separate elements in conjunction or in parallel, 

19 whether asynchronously or synchronously, in a pipelined manner, or otherwise. In the 

20 context of the invention, there is no particular requirement that the method must be 

21 performed in the same order in which this description lists flow points or method steps, 

22 except where explicitly so stated. 
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l 

2 Ingesting Digital Content 
3 

4 At a flow point 210A, the system 100 is ready to ingest original digital 

5 content 124 representing media streams. 

6 

7 At a step 211, the license server 130 obtains a master content key 126 for 

8 the original digital content 124, and sends that master content key 126 to the secure 

9 portion 125 of the content server 120. In one embodiment, keys are generated at a se- 

10 cure device in a secure location, such as a specialized key server (not shown) with 

1 1 which communication is conducted using only secure channels (such as for example 

12 SSL). In such embodiments, the key server might include a non-secure portion in which 

13 inert keys are maintained. Inert keys might include master content keys, user content 

14 keys, presentation device keys, or other keys, so long as those keys are locked against 

15 unauthorized inspection or tampering (such as by being encrypted using a master key). 

16 If the content server 120 and the license server 130 are collocated, the steps for sending 

1 7 are just that much simpler. 
18 

19 At a step 212, the secure portion 125 of the content server 120 receives the 

20 original digital content 124 "in the clear" representing media streams at its input port 

21 123. 

22 
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1 At a step 213, the secure portion 125 of the content server 120 encrypts the 

2 original digital content 124 with the master content key 126, with the effect of generat- 

3 ing a set of inert content 122, and destroys any copies of the original digital content 124 

4 it has "in the clear." 

5 

6 At a step 214, the non-secure portion of the content server 120 records and 

7 maintains the inert content 122 in the storage 121. As part of this step, the content 

8 server 120 provides that the inert content 122 can be retrieved from the storage 121 in 

9 response to metadata regarding the original digital content 124, such as for example a 

10 title or serial number of the media stream. 
11 

12 At a flow point 210B, the system 100 has completed ingesting the original 

13 digital content 124, and is ready to ingest further original digital content 124, or to dis- 

14 tribute inert content 122 to user subsystems 140, or to do something else. 

15 

16 Delivering Inert Content 
17 

18 At a flow point 220 A, the system 100 is ready to deliver inert content 122 

19 to one or more user subsystems 140. 

20 

21 At a step 221, the secure portion 125 of the content server 120 obtains a 

22 user content key 127 specific to the selected user subsystem 140. As described above, a 
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1 secure key server generates keys; the secure portion 125 of the content server 120 ob- 

2 tains the user content key 127 from the key server using a secure communication link. 

3 

4 At a step 222, the secure portion 125 of the content server 120 decrypts the 

5 inert content 122 using its master content key 126 (unique to that particular item of 

6 digital content), and re-encrypts it using the specific user content key 127. As described 

7 above, a secure key server generates keys; in one embodiment, a non-secure portion of 

8 that key server maintains the specific user content key 127, associated with its user sub- 

9 system 140. This has the effect of generating a version of the inert content 122 specific to 
l o the selected user subsystem 140. 

ll 

12 At a step 223, the non-secure portion of the content server 120 packages 

13 the specific version of the inert content 122 in an appropriate format, and sends that 

14 specific version of the inert content 122 to the local content library 142 at the selected 

15 user subsystem 140. 
16 

17 in embodiments of the invention, the inert content 122 might be delivered 

18 by sending it using one or more communication protocols using the communication 

19 link 110, or might be delivered to the user subsystem 140 by pre-loading that inert con- 

20 tent 122 onto the local content library 142 when the user subsystem 140 is physically 

21 delivered or constructed, or might be delivered on physical media such as for example a 

22 DVD. For one example, not intended to be limiting in any way, the user might obtain a 
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1 DVD having inert content 122 at a retail distribution point (such as for example a video 

2 store), where on that DVD are one or more media streams each encoded and encrypted 

3 to provide inert content 122. 
4 

5 In cases where the user obtains the inert content 122 by having it pre- 

6 loaded on the user subsystem 140, the inert content 122 on the user subsystem 140 has 

7 already been so re-encrypted. 
8 

9 In cases where the user obtains the inert content 122 using physical media, 

10 the content server 120 prepares the physical media using a media content key 128 spe- 
ll cific to the selected physical media. The user is able to use the physical media as de- 
12 scribed below with regard to "Ingesting Physical Media." 

13 

14 At a flow point 220B, the system 100 has delivered inert content 122 to one 

15 or more user subsystems 140, and is ready to issue a license 133 designating a selected 

16 presentation device 143, or to do something else. 
17 

18 Issuing License 

19 

20 At a flow point 230A, the system 100 is ready to issue a license 133 (spe- 

21 cific to a selected item of digital content) designating a selected presentation device 143 

22 to the associated user subsystem 140. 
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l 

2 At a step 231, the license server 130 receives a request for a license 133 

3 from the user subsystem 140 associated with the selected presentation device 143. In 

4 alternative embodiments, there need not be a specific request, and in addition or instead 

5 the license server 130 might be made aware of a set of subscriptions by known users to 

6 selected media streams (such as for example a periodical including audiovisual ele- 

7 ments, or a bulk license including pre-purchase of selected content). In such embodi- 

8 ments, the license server 130 need not receive a specific request, but in addition or in- 

9 stead initiates the method 200 at the flow point 230 and skips this step. 

10 

n At a step 232, the license server 130 confirms that the request conforms to 

12 the licensing business rules 132 as maintained at the license server 130. As noted with 

13 regard to the previous step, in embodiments where the license server 130 is made aware 

14 of subscriptions or pre-purchases, the license server 130 might be able to skip this step. 

15 Examples of licensing business rules 132 might include one or more of, or some combi- 

1 6 nation or conjunction of, the following: 
17 

18 • a release date for the media stream; 
19 

20 • a final showing date for the media stream; 
21 

22 • one or more "blackout" periods for the media stream; 
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1 

2 • geographic or other regional restrictions on presentation of the media stream 

3 (such as for example a version of the media stream licensed only for use in 

4 Europe, or only for use outside selected countries where that media stream is 

5 prohibited); 
6 

7 • financial or other prerequisites for presentation of the media stream (such as for 

8 example a charge for viewing, or a requirement of having a nondisclosure 

9 agreement on file, or a requirement of a selected authorization within a com- 

10 P an y)- 
11 

12 At a step 233, the license server 130 generates and sends an inert license 

13 133 specific to the presentation device 143. To perform this step, the license server 130 

14 performs the following sub-steps: 
15 

16 • At a sub-step 233(a), the secure portion 135 of the license server 130 obtains the 

17 specific user content key 127 from the key server (as described above, the key 

18 server might maintain keys in a non-secure portion thereof), or obtains the spe- 

19 cific media content key 128 from the user subsystem 140, as appropriate. Al- 

20 though in one embodiment, the user content key 127 is associated with a specific 

21 user, there is no particular requirement that this association be strictly main- 

22 tained. For a first example, a user content key 127 might be assigned ahead of 
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knowing which user it is associated with, similar to a warehouse receipt, which 
might be passed around before being affixed to a particular user. (This example 
might be useful in cases where it is desired to resell the user subsystem 140, such 
as for example when the owner is an installer or a video store.) For a second ex- 
ample, a user content key 127 might be associated with an organization, and thus 
be associated with different actual users within that organization from time to 
time. For a third example, a user content key 127 might be associated with a 
(typically relatively small) group of actual users, such as for example a family, a 
social club, or a cooperative. 

At a sub-step 233(b), the secure portion 135 of the license server 130 generates a 
license 133 "in the clear." As part of this sub-step, the secure portion 135 of the 
license server 130 inserts the specific conditions associated with the license 133, 
and the specific user content key 127, into the information package included in 
the license 133. 

At a sub-step 233(c), the secure portion 135 of the license server 130 obtains the 
presentation device key 134 from the key server (as described above, the key 
server might maintain keys in a non-secure portion thereof). 

At a sub-step 233(d), the secure portion 135 of the license server 130 encrypts the 
license 133 with the presentation device key 134, and destroys any copies of the 
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1 license 133 "in the clear," as well as any copies it has of the presentation device 

2 key 134. As described above, an inert copy of the presentation device key 134 

3 remains maintained by the non-secure portion of the key server. This has the ef- 

4 feet of generating an inert license 133 for the presentation device 143. 
5 

6 • At a sub-step 233(e), the non-secure portion of the license server 130 packages the 

7 inert license 133 for the presentation device 143 in an appropriate format, and 

8 sends that inert license 133 to the local content library 142 at the selected user 

9 subsystem 140. 
10 

! ! At a step 234, the local content library 142 at the user subsystem 140 sends 

12 the inert license 133 to the specific presentation device 143. In one embodiment, the 

13 specific presentation device 143 might actively request the inert license 133 from the lo- 

14 cal content library 142. However, in alternative embodiments, the local content library 

15 142 might deliver the inert license 133 to the specific presentation device 143 using a 

16 "push" model or a subscription model for delivery of such information. 

17 

18 At a flow point 230B, the system 100 has issued a license 133 (specific to a 

19 selected item of digital content) designating a selected presentation device 143 to the as- 

20 sociated user subsystem 140, and the user subsystem 140 is ready to present the media 

21 stream at a selected presentation device 143, or to do something else. 
22 
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l Presenting Media Stream 

2 

3 At a flow point 240A, the system 100 is ready to present the media stream 

4 at a selected presentation device 143. 

5 

6 At a step 241, the secure portion 144 of the presentation device 143 de- 

7 crypts the inert license 133 and the inert content 122 for presentation to the user. To 

8 perform this step, the secure portion 144 of the presentation device 143 performs the 

9 following sub-steps: 



10 

11 • At a sub-step 241(a), the secure portion 144 of the presentation device 143 de- 

12 crypts the inert license 133 with its presentation device key 134. 
13 

14 • At a sub-step 241(b), the secure portion 144 of the presentation device 143 checks 

15 the decrypted license 133 against a license integrity code maintained within that 

16 license 133. This has the effect of determining if the license 133 has been tam- 

17 pered with. Tampered-with licenses 133 are not valid. 
18 

19 • At a sub-step 241(c), the secure portion 144 of the presentation device 143 obtains 

20 the user content key 127, or the media content key 128, as appropriate, from the 

21 license 133. 



22 
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1 • At a sub-step 241(d), the secure portion 144 of the presentation device 143 checks 

2 the license 133 for any restrictions it can enforce (such as for example a restriction 

3 to a selected time window), and if it finds any, enforces them. This might have 

4 the effect that the secure portion 144 of the presentation device 143 generates a 

5 signal indicating that the license 133 is not currently valid, and in one embodi- 

6 ment, why. If the license 133 is not currently valid, the secure portion 144 of the 

7 presentation device 143 refuses to present the media stream. If the license 133 is 

8 currently valid, the secure portion 144 of the presentation device 143 continues 

9 with the next sub-step. 

10 

11 • At a sub-step 241(e), the secure portion 144 of the presentation device 143 de- 

12 crypts the inert content 122 using the user content key 127, or the media content 

13 key 128, as appropriate, and streams the digital content to hardware in the pres- 

14 entation device 143 for presenting the media stream to the user. 
15 

16 At a step 242, the presentation device 143 presents the media stream to the 

17 user. 
18 

19 At a flow point 240B, the system 100 has presented the media stream at a 

20 selected presentation device 143, and is ready to do something else. 

21 
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I Ingesting Physical Media 

2 

3 At a flow point 250A, the user subsystem 140 is ready to ingest physical 

4 media 147 using a media reader 146. 

5 

6 At a step 251, the user subsystem 140 requests a license 133 to ingest the 

7 physical media 147 from the license server 130. In response, the license server 130 gen- 

8 erates an inert license 133 to ingest the physical media 147 and sends that license 133 to 

9 the user subsystem 140. 
10 

II At a step 252, the local content library 142 maintains the inert license 133 
12 to ingest the physical media 147 in memory or storage. 

13 

14 At a step 253, the local content library 142 sends the inert license 133 to in- 

1 5 gest the physical media 147 to the media reader 146. 
16 

17 At a step 254, the media reader 146 ingests the physical media 147. To 

1 8 perform this step, the media reader 146 performs the following sub-steps: 
19 

20 • At a sub-step 254(a), similar to the sub-step 241(a), the media reader 146 decrypts 

21 the inert license 133 with its reader device key 134 (similar to a presentation de- 

22 vice key 134). 
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l 

2 • At a sub-step 254(b), similar to the sub-step 241(b), the media reader 146 checks 

3 the decrypted license 133 against a license integrity code maintained within that 

4 license 133. This has the effect of determining if the license 133 has been tam- 

5 pered with. Tampered-with licenses 133 are not valid. 
6 

7 • At a sub-step 254(c), similar to the sub-step 241(c), the media reader 146 obtains 

8 the media content key 128 from the license 133. 
9 

10 • At a sub-step 254(d), similar to the sub-step 241(d), the media reader 146 checks 

1 1 the license 133 for any restrictions it can enforce (such as for example a restriction 

12 to a selected time window), and if it finds any, enforces them. For one example, 

13 not intended to be limiting in any way, the media reader 146 might check that 

14 the license 133 is in fact issued with regard to the specific media (such as an indi- 

15 vidual DVD-Video), in which case the media reader 146 might compute a hash 

16 code for the specific media and compare it with a designated hash code in the li- 

17 cense 133. This might have the effect that the media reader 146 generates a signal 

18 indicating that the license 133 is not currently valid, and in one embodiment, 

19 why. If the license 133 is not currently valid, the media reader 146 refuses to in- 

20 gest the physical media 147. If the license 133 is currently valid, the media reader 

2 1 146 continues with the next sub-step. 
22 
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1 • At a sub-step 254(e), similar to the sub-step 241(e), the media reader 146 decrypts 

2 any digital content on the physical media 147 using the media content key 128 (if 

3 in fact that physical media 147 was encrypted to start with; if not, no decryption 

4 is performed), and re-encrypts that digital content with a new media content key 

5 128. This has the effect of generating inert content 122, which the media reader 

6 146 sends to the local content library 142. 
7 

8 At a step 255, the local content library 142 maintains the inert content 122 

9 in storage 121. 

10 

11 At a flow point 250B, the user subsystem 140 has ingested physical media 

12 147 using a media reader 146, and is ready to do something else. 
13 

14 Alternative Embodiments 
15 

16 Although preferred embodiments are disclosed herein, many variations 

17 are possible which remain within the concept, scope, and spirit of the invention. These 

18 variations would become clear to those skilled in the art after perusal of this applica- 

19 tion. 
20 

21 • The invention is not restricted to movies, but is also applicable to other media 

22 streams, such as for example animation or sound, as well as to still media, such 
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as for example pictures or illustrations, and to databases and other collections of 
information. 

Those skilled in the art will recognize, after perusal of this application, 
that these alternative embodiments are illustrative and in no way limiting. 
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